SCADA (Supervisory Control and Data Acquisition) systems are critical for managing industrial processes, including energy production, manufacturing, and transportation. However, their reliance on protocols such as Modbus, which lack inherent security features, exposes them to sophisticated cyber threats. This paper explores vulnerabilities in the Modbus protocol to design advanced SCADA-specific attack scenarios—SCADA Hijacking and SCADA Blackout. These covert attacks exploit protocol weaknesses to manipulate process parameters or halt operations while evading detection by intrusion detection systems (IDS) and human operators, representing a significant escalation in the sophistication of cyber threats. To counter these threats, we propose a novel machine learning-based defense mechanism that incorporates heterogeneous graph embeddings, combining multimodal network data such as flow-level and packet-level features. The proposed attacks and defense mechanism were rigorously evaluated using precision, recall, F1 score, accuracy and false positive rate as key metrics, demonstrating the stealthiness of the attacks and the robustness of the defense. By exposing critical vulnerabilities and presenting an advanced intrusion detection framework, this research establishes a foundation for strengthening SCADA systems against evolving cyber threats, ensuring the security and reliability of industrial control systems.